Hans Salvisberg wrote:
> James Turnbull wrote:
>> What I meant to add was that the xinetd page got rolled into the
>> deployment options summary - it seemed unnecessary to have a page
>> dedicated to x(inetd) alone - the content of the page was changed to
>> mention Peter's patch. I'll update the
>> http://wiki.qpsmtpd.org/deploy:start page with the results of the
>> current discussion.
> 
> I felt some pieces were missing, that's why I kept digging for the old
> page.

I've added some comments to the page reflecting today's discussions.

> BTW, in many places there's talk about "the RPM", but for the
> uninitiated it's difficult to find the RPMs -- Peter doesn't even have a
> link on his home page! As they seem to be considered another somewhat
> official distribution option, it would be helpful to have a link from
> http://smtpd.develooper.com/get.html

I'll go through the Wiki and link references to the RPM.

> BTW2, in your very interesting book (I've barely scratched the surface)
> you advocate obfuscating the MTA banner and version. qpsmtpd's SMTP
> dialog is pretty cute if not downright frivolous. What's your stand here?

Well.  My opinion on this varies depending on the MTA.  It's a minor
advantage to obfuscate the MTA and version but sometimes every edge
counts.  I wrote a couple of tools several years ago to scan MTAs and
return banners and sort by types and versions.  The idea being to find
vulnerable servers - this is especially true of Sendmail installations.
In my experience a lot of attackers use similar methods to 'sweep' up
vulnerable hosts.  If they can't determine if you're vulnerable they
just might pass you by.  Of course, if they are specifically targeting
you they'll just try every possible attack technique on your ports.

Ultimately, it's a minor change and a minor advantage but I felt it was
worth covering. I've not done it to my qpsmtpd installations but it's on
the list somewhere. :)

Regards

James Turnbull

-- 
James Turnbull <[EMAIL PROTECTED]>
---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)

Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
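
An added example, not part of the original message or of qpsmtpd: an offline check of your own SMTP greeting for the product and version disclosure discussed above. The product list, the version pattern and the sample greetings are constructed assumptions for illustration.

```python
import re

# Assumed, non-exhaustive list of MTA product names to look for.
KNOWN_MTAS = ("sendmail", "postfix", "exim", "qpsmtpd", "qmail")
# Dotted numeric tokens such as 4.63 or 8.13.8/8.13.8 (heuristic, an assumption).
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+[\w.\-/]*")

# Constructed sample greetings, not captured from real servers.
SAMPLES = {
    "verbose": "220 mail.example.com ESMTP Sendmail 8.13.8/8.13.8; "
               "Mon, 1 Jan 2007 10:00:00 +0000",
    "multiline": "220-mail.example.com ESMTP Exim 4.63\r\n"
                 "220 No unsolicited mail accepted",
    "terse": "220 mail.example.com ESMTP",
}

def greeting_text(raw):
    """Join the text of a 220 greeting, including "220-" continuation lines."""
    parts = []
    for line in raw.splitlines():
        m = re.match(r"220([ -])(.*)$", line)
        if not m:
            raise ValueError("not a 220 greeting line: %r" % line)
        parts.append(m.group(2))
        if m.group(1) == " ":  # a space after the code marks the final line
            break
    return " ".join(parts)

def audit_banner(raw):
    """Report the MTA names and version-like tokens a greeting discloses."""
    text = greeting_text(raw)
    # The first word is the server's own domain name, so it is skipped.
    rest = text.split(" ", 1)[1] if " " in text else ""
    products = [p for p in KNOWN_MTAS
                if re.search(r"\b%s\b" % re.escape(p), rest, re.I)]
    versions = VERSION_RE.findall(rest)
    return {"products": products, "versions": versions,
            "discloses": bool(products or versions)}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_banner(raw))
```
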

